ghndrx/prowler
1
0
Fork 0
mirror of https://github.com/ghndrx/prowler.git synced 2026-02-10 14:55:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs(organizations): fix script and improve titles (#2693)

Browse Source
This commit is contained in:
Sergio Garcia
2023-08-10 09:56:47 +02:00
committed by GitHub
parent 22f8855ad7
commit ad3cd66e08
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/tutorials/aws/organizations.md
View File

@@ -1,5 +1,5 @@
# AWS Organizations
## Get AWS Account details from your AWS Organization:
## Get AWS Account details from your AWS Organization
Prowler allows you to get additional information of the scanned account in CSV and JSON outputs. When scanning a single account you get the Account ID as part of the output.
@@ -30,7 +30,7 @@ The additional fields in CSV header output are as follow:
ACCOUNT_DETAILS_EMAIL,ACCOUNT_DETAILS_NAME,ACCOUNT_DETAILS_ARN,ACCOUNT_DETAILS_ORG,ACCOUNT_DETAILS_TAGS
```
## Assume Role and across all accounts in AWS Organizations or just a list of accounts:
## Extra: run Prowler across all accounts in AWS Organizations by assuming roles
If you want to run Prowler across all accounts of AWS Organizations you can do this:
@@ -43,7 +43,7 @@ ACCOUNTS_IN_ORGS=$(aws organizations list-accounts --query Accounts[?Status==`AC
- Then run Prowler to assume a role (same in all members) per each account, in this example it is just running one particular check:
```
for accountId in $ACCOUNTS_IN_ORGS; do prowler aws -O arn:aws:iam::<management_organizations_account_id>:role/<role_name>; done
for accountId in $ACCOUNTS_IN_ORGS; do prowler aws -O arn:aws:iam::<management_organizations_account_id>:role/<role_name> -R arn:aws:iam::$accountId:role/<role_name>; done
```
- Using the same for loop it can be scanned a list of accounts with a variable like `ACCOUNTS_LIST='11111111111 2222222222 333333333'`